I am a professor at Santa Clara University School of Law, where I teach and write about Internet Law, Intellectual Property and Advertising Law. Before I became a full-time professor in 2002, I practiced technology law in the Silicon Valley from 1994-2002. I've been blogging at the Technology & Marketing Law Blog since 2005 (http://blog.ericgoldman.org).

Today, a Texas appellate court fixed the lower court’s obvious legal error and emphatically ruled that GoDaddy qualifies for Section 230′s protection. While this is good news for the judicial system’s accuracy, it’s hardly the last word on revenge porn legal questions.

Logged in to GoDaddy (Photo credit: Andrew Currie)

The Case Ruling

The case involves Texxxan.com, a website that published user-submitted “revenge porn,” or pornography being published to hurt a person depicted in it. Texxxan.com generated a lot of controversy when it first went live, but it was shut down quickly. As often happens, the lawsuits live on far longer than the website spawning them.

GoDaddy was Texxxan.com’s web host. As a result, GoDaddy didn’t directly interact with the true bad actors, the people who submitted the revenge porn for publication. Instead, the plaintiffs allege that GoDaddy didn’t pull the plug on Texxxan.com, its hosting customer, fast enough. That kind of argument is exactly what Section 230 was supposed to preempt.

To get around Section 230, the plaintiffs argued that Section 230 didn’t apply to intentional torts, obscene material that isn’t constitutionally protected, and civil lawsuits based on criminal statutes. The plaintiffs also argued that GoDaddy didn’t follow its user agreement. The court decisively says that none of these arguments work:

All of plaintiffs’ claims against GoDaddy stem from GoDaddy’s publication of the contested content, its failure to remove the content, or its alleged violation of the Texas Penal Code for the same conduct. Allowing plaintiffs’ to assert any cause of action against GoDaddy for publishing content created by a third party, or for refusing to remove content created by a third party would be squarely inconsistent with section 230.

Implications

This was such an obvious case for Section 230 that it would have been shocking if the appellate court had affirmed the trial court (it was less shocking that the trial court disregarded the law; that happens sometimes with sympathetic cases). Still, this ruling does not end the legal scuffles over revenge porn.

Individual Contributors. Users who submit revenge porn face significant legal risks. I have a separate blog posts in the works where I’ve cataloged at least a half-dozen revenge porn victim victories over the submitters of revenge porn.

Web Hosts v. Site Operators. This case only addresses the situation where a commercial web host provides services to the operator of a user-generated content site, i.e., the web host is two steps away from the bad actors. As the court explains, “it is undisputed that GoDaddy acted only as a hosting company and did not create or develop the third party content on the websites.” That factual basis may be more colorable for revenge porn website operators, like Texxxan, who are only 1 step away from the bad actors. As we’ve seen, the California state attorney general’s office thinks it has a way to get these operators criminally; and courts may think it’s less clear whether site operators like Texxxan.com “created or developed” the third party content at issue.

A New Federal Crime? To get around Section 230, revenge porn advocates want to create a new federal revenge porn crime. This wouldn’t help the plaintiffs directly in the lawsuit–only the government can prosecute crimes–but it would expose GoDaddy and many other service providers to potential criminal liability (i.e., jail time) for the bad acts of their customers’ users. A new crime like that could have significant collateral consequences on legitimate activity, as GoDaddy and other vendors become overly conservative to avoid any risk of betting their liberty. So, while the law currently makes it clear that web hosts aren’t liable for the malfeasance of their customers’ users, a new federal crime almost certainly would fundamentally change that calculus.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

Ahh, Texas — the name alone is enough to strike fear into the hearts of most First Amendment defense lawyers. Texas is to free speech as North Korea is to human rights. But, this is a good ruling and it’s nice to see such a clear rebuke of a trial judge’s blatant mistakes. I also like the fact that they allowed an interlocutory appeal from the order denying CDA immunity (unlike some other courts we know).

Still, one thing sort of bothered me — the Court of Appeals spent a lot of time discussing an earlier case called Milo v. Martin, 311 S.W.3d 210 (Tx.App. 2010). The plaintiffs argued that in Milo, the court held that emotional distress claims were NOT barred by the CDA.

In today’s decision, the court poo-poos this argument, stating “Plaintiffs’ reliance on Milo is misplaced.” That makes it sound like Milo did NOT actually suggest that emotional distress claims were outside the scope of the CDA.

Sorry — that’s just totally false. Milo specifically said: “We must address separately Milo’s and Shelton’s intentional infliction of emotional distress claim, as it is arguably not within the reach of the Communications Decency Act of 1996.”

See http://scholar.google.com/scholar_case?case=13929614137155625314&hl=en&as_sdt=6&as_vis=1&oi=scholarr

Yes, the word “arguably” is somewhat equivocal, but the law on this point could not be any clearer — the CDA bars ALL state-law theories (including emotional distress) if they require treating a website provider or user as the speaker or publisher of information from a third party. The fact that the court in Milo suggested that these claims are “arguably” outside the scope of the CDA is no different than saying Obama was “arguably” born in Kenya. Both points are utterly false, groundless, and without a shred of validity.

In short, Milo got this point dead-wrong, and it’s disappointing that the Texas appeals court didn’t simply acknowledge that mistake in today’s ruling. In the end the court makes it very clear that emotional distress claims are barred, but they did it without owning up to their earlier error in Milo.

So-called revenge porn is a serious problem that can cause untold damage to victims for which there is often little meaningful legal redress. However, in addressing this problem the focus should not be on websites which display intimate images (the Texas appellate court got it correct in overturning the trial court’s blatant disregard of Section 230), but on the perpetrator who posts or otherwise distributes the image. Accordingly, many states have passed legislation targeting the true wrongdoer with criminal penalties. For example, Utah’s governor just signed H.B. 71 (Distribution of Intimate Images) which makes it a class A misdemeanor for a person to distribute an intimate image (there is a lengthy definition in the statute) with the intent to cause emotional distress or harm where the depicted individual has not given consent. The statute explicitly notes that it does not apply to internet service providers or other electronic service or mobile providers, absent a few exceptions. This language was included specifically to prevent a ruling similar to the one issued by the Texas trial court.

Revenge porn is an actionable tort under common law, but often is an inadequate remedy. Criminalizing the conduct of the actual wrongdoer, not the medium of communication, is an appropriate remedy.

These revenge porn sites are a plague. But to think that we might have to expend law enforcement resources to get one picture (taken with consent, in the heat of passion) retrieved or removed seems a waste of limited law enforcement resources, unless this is part a larger pattern of harassment. We may need to strength the cyber harrassment laws in regards to posting images posted without consent of both parties. Again, society has to turn to police because folks can’t act like adults when a relationship goes south. As for criminal liability for hosting site it would be better tailored that the image must be removed within a specific timeframe from the complaint, with sizable damages if not removed, up to an including seizure of the sites by a court. Of course once the image has hit the Internet and the site has been crawled what then? Does Google become responsible to remove or face civil or criminal penalties? Does the victim than has to start the process with Google. Also we have Wayback which archives sites including these ones. And what happens when the sites is beyond the reach of US. We have trouble getting cooperation from some places on child porn. Call me old fashion but if folks just kept their clothes on when cameras come out maybe this would not happening as much. Otherwise folks need to understand there is a real risk their naked self will be seen by the world. It also isn’t just due to the fault of a revengeful former flame. One of the revenge sites couldn’t get enough folks to send in images, so they started hacking victims phones and computers and stealing. Lesson here folks don’t film or take a picture unless y are ok with the possibility the world will see. But the civil and criminal laws that may have to be enacted for the folly of these folks makes my head hurt. (Please understand I am do talking about images taken without consent, or used in a larger pattern of digital harassment. Finally, I have no kind words for someone who betrays this kind trust. Y are scum and the sites that host this stuff are as well. Question remaining and to be decided is, are you also criminals)

These host are criminals if not responding when notified of failure to police the computers they allow to access the common carrier from their location. 320 was supposed to mirror the immunizations of a telephone carrier for the content of the telecommunications delivered. Not as used by US Courts to grant immunity to the provider of the telephones or computers allowed to be used to cause harm. A homeowner or business owner accepts the duty to regulate use of the telecommunications they allow to occur from their facility. The end of 230 is as simple as this if attacked properly. Before it get fixed there will probably be bloodshed.

This was the expected outcome or should have been to ANY lawyer with four live brain cells. There must be a few left. Section 320 will be amended after attacked DIRECTLY for being the senescent US courts inverting an Act of Congress and turning the Communications Decency Act of 1995 into exactly the opposite of the intentions of Congress. This Act of Congress was intended to protect the deliveries of telecommunications to users and not those hosting this content. It was supposed to mirror the immunizations of a telephone carrier for the content of the telecommunications delivered. Not immunity to the provider of the telephones or computers allowed to be used to cause harm. A homeowner or business owner accepts the duty to regulate use of the telecommunications they allow to occur from their facility. The end of 230 is as simple as this if attacked properly. This attempt was a failure of US Courts from the start.

Yet another decision cements Ron Wyden’s singlehanded destruction of the internet via the abomination that is Section 230 immunity, championed by content-aggregators and cybercriminals alike for the license it provides to destroy the lives of innocents for fun and profit. Until attractive women were victimized, CDA230 had little opposition, but now that “someone we care about” has been harmed, the system is torn trying to find a way to protect its VIPs without destroying the underlying weapon.

The Supreme Court has already laid down case law which, if applied to modern times, would render Section 230 unconstitutional, while establishing a “right to reputation.” The “right to privacy”is not written into the constitution, but was found to exist, and other countries – none of which hold intermediaries liable – have estbliished this right. In 1976, the Supreme Court came within a hair of doing so in Paul v. Davis. In Paul v. Davis, case, a man had sued because a police officer “flyered” his name and picture as someone “aqrrested for burglary” to retailers in the area, without noting the man had been acquitted. A color-of-law violation based on the “right to reputation” as the constitutional violation was asserted, and barely rejected by the court, because the harm to reputation, *by itself*, was not a constitutional harm. However, the Court noted in that case that if a swcondary, constitutional harm, such as the loss of employment or other property, could be inferred from the defamation, that it would become a constitutional harm.

Paul v. Davis was decided in 1976, before Google began attaching scarlett-letters to targets of defamation, making it impossible for them to live a constitutionally protected life, i.w., the right to life, liberty, and the pursuit of happiness. Because defamation now automatically infers constitutional harm, when the Supreme Court finally visits Section 230 (the law has *never* been tested by the highest court, yet people act like it’s black-letter law), it is likely they will cite Paul v. Davis when striking down Section 230, establishing a constitutional right to reputation, and bringing American defamation law in line with the rest of the world.

Search engines have lready lost libel cases in the UK and AUS. Last time I checked the internet still works in those countries. I bet if the author were ever targeted for defamation, s/he wouldn’t be so cavalier towards Section 230’s existence, or its problems. Like the song sang, “Well tonight thank god it’s them, instead of you.”

Some liken the internet to the “wild west,” but there’s a reason the wild west was tamed. Remove accountability and civility, and the very people who should be participating in the discussions will be chilled into silence. Thanks to 230, you cannot trust onlnie reviews, or even seaqrch-results on those you interact with. It’s at the point now where any internet presence at all by someone evidences that they’re just a desperate loser who *has* to be online. It didn’t have to be that way, but when criminals are allowed to thrive through hate-marketing and disparaging rivals, and whistleblowers can be lied about by those who actually commit the crimess (like the man serving 75 months for child porn possession who spent years warnign parents of his targegts that I and others were pedophiles), the internet becomes worthless to anyone who isn’t an infrastructure company or celebrity, or a scam artist.

Those who smugly say it’s smart to to avoid these problems are wrong if they think they won’t be targeted. We now have “reputation blackmailers” in poor countries who use 230 to threaten wealthy Americans with reputation-destruction if they don’t pay thousands of dollars in blackmail. Defamation laws were once an alternative to DUELING. If one could duel to the death over harm to reputation, then the right to reputation at least equals the constitutional right to life.